Utility tracer issues #29
Description
Just thoughts out loud:
1. Usage issues
When using tracer, it requires to many command arguments. It was tedious work to include all the events.
This could be resolved by providing RtlHookData to the tracer. However, this way we make the tracer Bridge implementation specific. Which I think is true. The tracer WILL be implementation specific.
2. Separate event definition
We are currently defining a separate batch of events for tracing and calling it MemoryEvents
Ideally, tracer needs to support base RtlHook. However, I see the reasoning behind havingg separate event definition: RtlHooks not necessarily what we want to see on the trace. The combination of RtlHook events can lead to a single trace event. Maybe it should support all RtlHooks by default and we can trace any RtlHook. And define additional TraceEvents